Merge pull request #1 from rwf14f/master

Major rewrite for perfsonar 3.4
HEP-Puppet · Nov 10, 2014 · 1601137 · 1601137
2 parents 0347d1d + 411bb4c
commit 1601137
Show file tree

Hide file tree

Showing 25 changed files with 613 additions and 173 deletions.
diff --git a/manifests/apache.pp b/manifests/apache.pp
@@ -6,6 +6,17 @@
   $verifydepth = $perfsonar::params::verifydepth,
   $authdn      = [],
 ) inherits perfsonar::params {
+
+  file { "${perfsonar::params::conf_dir}/tk_redirect.conf":
+    ensure  => 'present',
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    content => "RedirectMatch 301 ^/$ http://${::fqdn}/toolkit/\n",
+    notify  => Service[$::perfsonar::params::httpd_service],
+    require => Package[$::perfsonar::params::httpd_package],
+  }
+
   augeas { 'set mod_ssl params':
     incl    => "${perfsonar::params::mod_dir}/ssl.conf",
     lens    => 'Httpd.lns',
@@ -20,6 +31,8 @@
       "set directive[.='SSLVerifyDepth'] 'SSLVerifyDepth'",
       "set *[.='SSLVerifyDepth']/arg ${verifydepth}",
     ],
+    notify => Service[$::perfsonar::params::httpd_service],
+    require => Package[$::perfsonar::params::httpd_package],
   }
   $have_auth = $authdn ? {
     undef   => 0,
@@ -46,21 +59,25 @@
         # instead of the set commands above, the setm regex versions below should work as well (they do in augtool),
         # but for some reason they produce an error when run by puppet ('Could not evaluate: missing string argument 2 for setm', no useful debug output either)
         # the rm commands below work, but we shouldn't use them with the single set commands above because they can cause security problems
-        # e.g., if the original auth section is removed without from an unexpected directory entry without adding the include
+        # e.g., if the original auth section is removed from an unexpected directory entry without adding the include
         #"rm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')]/directive[.='AuthShadow']",
         #"rm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')]/directive[.='AuthType']",
         #"rm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')]/directive[.='AuthName']",
         #"rm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')]/directive[.='Require']",
         #"setm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')] directive[.='Include'] 'Include'",
         #"setm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')] *[.='Include']/arg '${perfsonar::params::httpd_dir}/ssl_auth.conf'",
-      ]
+      ],
+      notify => Service[$::perfsonar::params::httpd_service],
+      require => Package[$::perfsonar::params::httpd_package],
     }
     file { "${perfsonar::params::httpd_dir}/ssl_auth.conf":
       ensure  => 'present',
       owner   => 'root',
       group   => 'root',
       mode    => '0644',
       content => template("${module_name}/ssl_auth.conf.erb"),
+      notify => Service[$::perfsonar::params::httpd_service],
+      require => Package[$::perfsonar::params::httpd_package],
     }
   } else {
     augeas { 'restore mod_ssl auth':
@@ -102,10 +119,14 @@
         #"setm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')] *[.='Require']/arg[1] 'group'",
         #"setm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')] *[.='Require']/arg[2] 'wheel'",
         #"setm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')] *[.='Require']/arg[3] 'admin'",
-      ]
+      ],
+      notify => Service[$::perfsonar::params::httpd_service],
+      require => Package[$::perfsonar::params::httpd_package],
     }
     file { "${perfsonar::params::httpd_dir}/ssl_auth.conf":
       ensure => 'absent',
+      notify => Service[$::perfsonar::params::httpd_service],
+      require => Package[$::perfsonar::params::httpd_package],
     }
   }
 }
diff --git a/manifests/bwctl.pp b/manifests/bwctl.pp
@@ -0,0 +1,4 @@
+class perfsonar::bwctl {
+  include 'perfsonar::bwctl::install'
+  include 'perfsonar::bwctl::service'
+}
diff --git a/manifests/bwctl/install.pp b/manifests/bwctl/install.pp
@@ -0,0 +1,7 @@
+class perfsonar::bwctl::install(
+  $ensure = $::perfsonar::params::bwctl_install_ensure,
+) inherits perfsonar::params {
+  package { $::perfsonar::params::bwctl_packages:
+    ensure => $ensure,
+  }
+}
diff --git a/manifests/bwctl/service.pp b/manifests/bwctl/service.pp
@@ -0,0 +1,11 @@
+class perfsonar::bwctl::service(
+  $ensure = $::perfsonar::params::bwctl_ensure,
+  $enable = $::perfsonar::params::bwctl_enable,
+) inherits perfsonar::params {
+  service { 'bwctld':
+    ensure     => $ensure,
+    enable     => $enable,
+    hasstatus  => false,
+    hasrestart => true,
+  }
+}
diff --git a/manifests/config.pp b/manifests/config.pp
@@ -1,42 +1,6 @@
 class perfsonar::config(
   $admininfo   = {},
-  $agentconfig = {},
 ) inherits perfsonar::params {
-  exec { 'ps_initdb_cacti':
-    environment => [ "HOME=/root" ],
-    command     => $perfsonar::params::ps_initdb_cmd_cacti,
-    logoutput   => 'on_failure',
-    require     => Service['mysqld'],
-    unless      => '/bin/echo "show databases" | /usr/bin/mysql | /bin/grep -q "^cacti$"',
-  }
-  exec { 'ps_initdb_psb_bwctl':
-    environment => [ "HOME=/root" ],
-    command     => $perfsonar::params::ps_initdb_cmd_psb_bwctl,
-    logoutput   => 'on_failure',
-    require     => Service['mysqld'],
-    unless      => '/bin/echo "show databases" | /usr/bin/mysql | /bin/grep -q "^bwctl$"',
-  }
-  exec { 'ps_initdb_psb_owamp':
-    environment => [ "HOME=/root" ],
-    command     => $perfsonar::params::ps_initdb_cmd_psb_owamp,
-    logoutput   => 'on_failure',
-    require     => Service['mysqld'],
-    unless      => '/bin/echo "show databases" | /usr/bin/mysql | /bin/grep -q "^owamp$"',
-  }
-  exec { 'ps_initdb_tr_ma':
-    environment => [ "HOME=/root" ],
-    command     => $perfsonar::params::ps_initdb_cmd_tr_ma,
-    logoutput   => 'on_failure',
-    require     => Service['mysqld'],
-    unless      => '/bin/echo "show databases" | /usr/bin/mysql | /bin/grep -q "^traceroute_ma$"',
-  }
-  exec { 'ps_initdb_pinger':
-    environment => [ "HOME=/root" ],
-    command     => $perfsonar::params::ps_initdb_cmd_pinger,
-    logoutput   => 'on_failure',
-    require     => Service['mysqld'],
-    unless      => '/bin/echo "show databases" | /usr/bin/mysql | /bin/grep -q "^pingerMA$"',
-  }
   # the perfsonar kickstart post script replaces all 'yes' values in /etc/sysconfig/readahead to 'no'
   # we do the same here with augeas, it replaces all '"yes"' and 'yes' values to 'no'
   # let's hope they don't start using single quotes in that file,
@@ -50,36 +14,38 @@
     # we need the onlyif because the above command produces an error if the regex can't find any values
     onlyif  => 'match readahead/*[label()!=\'#comment\'][.=~regexp(\'"?yes"?\')] size > 0',
   }
-  # ensure ssh is enabled by default, otherwise saving the configuration in the webinterface (or boot can disable it)
-  augeas { 'enable ssh':
-     context => '/files/opt/perfsonar_ps/toolkit/etc/enabled_services',
-     incl    => '/opt/perfsonar_ps/toolkit/etc/enabled_services',
-     lens    => 'Shellvars.lns',
-     changes => 'set ssh_enabled "enabled"'
-  }
-  $site_project = 'pS-NPToolkit-3.3.1'
   file { '/opt/perfsonar_ps/toolkit/etc/administrative_info':
     ensure  => 'present',
     owner   => 'root',
     group   => 'root',
     mode    => '0644',
     content => template("${module_name}/administrative_info.erb"),
+    require => Package['perl-perfSONAR_PS-Toolkit']
+  }
+  # update owner / permissions on directories
+  file { '/var/lib/perfsonar/db_backups':
+    ensure => 'directory',
+    owner  => 'perfsonar',
+    group  => 'perfsonar',
+    mode   => '0755',
+    require => Package['perl-perfSONAR_PS-Toolkit']
+  }
+  file { '/var/lib/perfsonar/log_view':
+    ensure => 'directory',
+    owner  => 'perfsonar',
+    group  => 'perfsonar',
+    mode   => '0755',
+    require => Package['perl-perfSONAR_PS-Toolkit']
   }
-# file { '/opt/perfsonar_ps/toolkit/etc/external_addresses':
-#   ensure  => 'present',
-#   owner   => 'root',
-#   group   => 'root',
-#   mode    => '0644',
-#   content => template("${module_name}/administrative_info.erb"),
-# }
-  $agent_options = merge($perfsonar::params::agentconfig, $agentconfig)
-  file { '/opt/perfsonar_ps/mesh_config/etc/agent_configuration.conf':
-    ensure  => 'present',
-    owner   => 'perfsonar',
-    group   => 'perfsonar',
-    mode    => '0644',
-    content => template("${module_name}/agent_configuration.conf.erb"),
-  }
-  # ??? run "sudo -u perfsonar /opt/perfsonar_ps/mesh_config/bin/generate_configuration" when agent_configuration.conf is changed
-  # it takes a long time to complete, so it's probably not a good idea, it's being run by a cron job every night any way
 }
+
+# info for 3.4
+
+#run /opt/perfsonar_ps/toolkit/scripts/upgrade/upgrade_owamp_port_range.sh (new port range)
+
+#for script in %{install_base}/scripts/system_environment/*; do
+# run script
+#done
+
+# WLCG info: https://twiki.opensciencegrid.org/bin/view/Documentation/InstallUpdatePS
+# only use BWCTL and OWAMP
diff --git a/manifests/esmond.pp b/manifests/esmond.pp
@@ -0,0 +1,53 @@
+class perfsonar::esmond (
+  $use_db_module = true,
+  $dbname        = $::perfsonar::params::esmond_dbname,
+  $dbuser        = $::perfsonar::params::esmond_dbuser,
+  $dbpassword    = $::perfsonar::params::esmond_dbpass,
+) inherits perfsonar::params {
+  if $use_db_module {
+    class { 'postgresql::server': }
+    postgresql::server::db { $dbname:
+      user     => $dbuser,
+      password => postgresql_password($dbuser, $dbpassword),
+      grant    => 'ALL',
+      before   => Exec['run esmond configuration script'],
+    }
+    # update auth to allow esmond access to the DB
+    postgresql::server::pg_hba_rule { 'allow local password auth':
+      description => 'allow local authentication using a password',
+      type        => 'local',
+      database    => 'all',
+      user        => 'all',
+      auth_method => 'md5',
+      # need local md5 auth for esmond user, but the second default pg_hba rule
+      # is a generic ident auth for local connections, therefore we need to place
+      # this rule before the second default rule
+      order       => '002',
+      before      => Exec['run esmond configuration script'],
+    }
+  }
+
+  file { '/opt/esmond/esmond.conf':
+    ensure  => 'file',
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    content => template("${module_name}/esmond.conf.erb"),
+    require => Package['esmond'],
+  }
+  # the remaining content of this script should be moved here if possible
+  file { '/usr/local/sbin/puppet_perfsonar_configure_esmond':
+    ensure  => 'file',
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0750',
+    content => template("${module_name}/configure_esmond.erb"),
+    require => File['/opt/esmond/esmond.conf'],
+  }
+  exec { 'run esmond configuration script':
+    command   => '/usr/local/sbin/puppet_perfsonar_configure_esmond',
+    logoutput => 'on_failure',
+    creates   => '/var/lib/esmond/.configured.puppet',
+    require   => File['/usr/local/sbin/puppet_perfsonar_configure_esmond'],
+  }
+}
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -0,0 +1,11 @@
+class perfsonar {
+  include 'perfsonar::install'
+  include 'perfsonar::config'
+  include 'perfsonar::service'
+  include 'perfsonar::apache'
+  include 'perfsonar::esmond'
+  include 'perfsonar::regular_testing'
+  include 'perfsonar::mesh_config'
+  include 'perfsonar::owamp'
+  include 'perfsonar::bwctl'
+}
diff --git a/manifests/install.pp b/manifests/install.pp
@@ -1,5 +1,7 @@
 class perfsonar::install (
-  $packages = $perfsonar::params::install_packages,
+  $ensure = $::perfsonar::install_ensure,
 ) inherits perfsonar::params {
-  package { $packages: }
+  package { $perfsonar::params::install_packages:
+    ensure => $ensure,
+  }
 }
diff --git a/manifests/mesh_config.pp b/manifests/mesh_config.pp
@@ -0,0 +1,4 @@
+class perfsonar::mesh_config {
+  include 'perfsonar::mesh_config::install'
+  include 'perfsonar::mesh_config::config'
+}
diff --git a/manifests/mesh_config/config.pp b/manifests/mesh_config/config.pp
@@ -0,0 +1,32 @@
+class perfsonar::mesh_config::config(
+  $agentconfig = $::perfsonar::params::mesh_config_agent,
+) inherits perfsonar::params {
+  $agent_options = merge($perfsonar::params::agentconfig, $agentconfig)
+  file { '/opt/perfsonar_ps/mesh_config/etc/agent_configuration.conf':
+    ensure  => 'present',
+    owner   => 'perfsonar',
+    group   => 'perfsonar',
+    mode    => '0644',
+    content => template("${module_name}/agent_configuration.conf.erb"),
+    require => Package['perl-perfSONAR_PS-MeshConfig-Agent']
+  }
+  # needs notty in sudoers
+  exec { 'generate mesh configuration':
+    command     => '/usr/bin/sudo -u perfsonar /opt/perfsonar_ps/mesh_config/bin/generate_configuration',
+    logoutput   => 'on_failure',
+    subscribe   => File['/opt/perfsonar_ps/mesh_config/etc/agent_configuration.conf'],
+    require     => [
+      Exec['run regular testing configuration script'],
+      File['/etc/sudoers.d/perfsonar'],
+    ],
+    refreshonly => true,
+    notify      => Service['regular_testing'],
+  }
+  file { '/etc/sudoers.d/perfsonar':
+    ensure => 'file',
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0440',
+    content => "Defaults!/opt/perfsonar_ps/mesh_config/bin/generate_configuration !requiretty\n",
+  }
+}
diff --git a/manifests/mesh_config/install.pp b/manifests/mesh_config/install.pp
@@ -0,0 +1,7 @@
+class perfsonar::mesh_config::install(
+  $ensure = $::perfsonar::params::mesh_config_install_ensure,
+) inherits perfsonar::params {
+  package { $::perfsonar::params::mesh_config_packages:
+    ensure => $ensure,
+  }
+}
diff --git a/manifests/owamp.pp b/manifests/owamp.pp
@@ -0,0 +1,4 @@
+class perfsonar::owamp {
+  include 'perfsonar::owamp::install'
+  include 'perfsonar::owamp::service'
+}
diff --git a/manifests/owamp/install.pp b/manifests/owamp/install.pp
@@ -0,0 +1,7 @@
+class perfsonar::owamp::install(
+  $ensure = $::perfsonar::params::owamp_install_ensure,
+) inherits perfsonar::params {
+  package { $::perfsonar::params::owamp_packages:
+    ensure => $ensure,
+  }
+}
diff --git a/manifests/owamp/service.pp b/manifests/owamp/service.pp
@@ -0,0 +1,11 @@
+class perfsonar::owamp::service(
+  $ensure = $::perfsonar::params::owamp_ensure,
+  $enable = $::perfsonar::params::owamp_enable,
+) inherits perfsonar::params {
+  service { 'owampd':
+    ensure     => $ensure,
+    enable     => $enable,
+    hasstatus  => false,
+    hasrestart => true,
+  }
+}